Slashdot Mirror

← Back to Stories (view on slashdot.org)

GM Performs Stealth Update To Fix Security Bug In OnStar

Posted by timothy on from the just-trust-us dept.

An anonymous reader writes: Back in 2010, long before the Jeep Cherokee thing, some university researchers demonstrated remote car takeover via cellular (old story here). A new Wired article reveals that this was actually a complete exploit of the OnStar system (and was the same one used in that 60 Minutes car hacking episode last year). Moreover, these cars stayed vulnerable for years -- until 2014, when GM created a remote update capability and secretly started pushing updates to all the affected cars.

4 of 91 comments (clear)

  1. The only fix... by Anonymous Coward · · Score: 5, Insightful

    The only fix for the security problems with Onstar and any similar system is total removal of the hardware and software!!!!!

    1. Re:The only fix... by aaron4801 · · Score: 4, Informative

      I don't own a GM car, but it seems that at least some vehicles will have a separate fuse and/or control system for OnStar:
      3 ways to deactivate OnStar

  2. This is not reassuring by beschra · · Score: 5, Interesting

    From GM chief product cybersecurity officer Jeff Massimilla:

    “We were able to find a way to deliver over-the-air updates on a system that was not necessarily designed to do so.”

    They hacked it so they could hack it. I'm glad GM has my back.

    --
    It is unwise to ascribe motive
  3. How does a consumer test for the vulnerability? by ShaunC · · Score: 4, Interesting

    As someone who drives a GM car that came with an OnStar antenna, a rearview mirror full of OnStar buttons, and an OnStar free trial... How do I determine whether or not my car is vulnerable? Whether it received the patch? Which generation of OnStar my car has?

    I haven't had anything to do with OnStar since I was driving down the interstate and suddenly received a loud and unexpected phone call from a fucking OnStar telemarketer. My trial, which came with the car and which I hadn't used, was about to expire, so they decided to make a sales call. To my car. While I was driving. Out of nowhere, the car muted the radio, made some very loud dinging noises, and started blasting an unknown woman's voice over the stereo system while I was driving down the highway. She's asking me if I want to sign up for OnStar at such and such monthly rate. I have never been so distracted by anything while behind the wheel of a car, and vowed never to use any OnStar service again.

    I'd just like to know whether or not the OnStar in my car, which I had hoped was disabled after not paying for it, will attempt to kill me again.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!